iPhoneMap: iPhoneTracker port to Linux
Last Updated: 2011-04-22 23:25:03 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
Remember the news about the iPhone recording every place it goes? iPhoneTracker was developed to map that information from the backup the iPhone leaves behind when it is synchronized to an OS X machine. Handler Bojan ported it to Linux and named it iPhoneMap. I tested it myself on Cygwin and it works perfectly.
You need to install the DBD-SQLite and DBI Perl modules before running the application. After the installation, go to C:\Users\<your user name>\AppData\Roaming\Apple Computer\MobileSync\Backup. There you will find a directory with a 40-character hexadecimal name that looks like a SHA-1 hash. Go inside that directory and run the find_sqlite.py script there; because the backup stores files under hash-derived names rather than their original ones, the script is what tells you which file holds the stored GPS information. After that, issue the following command:
Open the resulting index.html file in your favorite browser and you will see a map like this one:
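Since the backup stores every file under a hash-derived name, the step where find_sqlite.py picks out the right database can also be done by hand: check each file for the SQLite magic bytes, then look for the schema text of the location table. The following is an added example written for this diary, not Bojan's find_sqlite.py: it scans the given directory, reports which files are SQLite 3 databases, and flags those whose schema declares a table named CellLocation (assumed here to be the table iPhoneTracker reads; change TABLE_NAME if yours differs). It only works on unencrypted backups, because an encrypted backup does not carry the SQLite header in the clear.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.List;

// Added example, not find_sqlite.py. Scans a MobileSync backup directory,
// whose files are named by hash, and reports the SQLite databases in it,
// marking the ones whose schema declares the location table.
public class FindSqlite {
    // Every SQLite 3 file starts with these 16 bytes (the NUL included).
    private static final byte[] MAGIC =
        "SQLite format 3\0".getBytes(StandardCharsets.US_ASCII);
    // Assumption: the table that holds the cell-tower positions.
    private static final String TABLE_NAME = "CellLocation";

    static boolean isSqlite(byte[] data) {
        if (data.length < MAGIC.length) {
            return false;
        }
        for (int i = 0; i < MAGIC.length; i++) {
            if (data[i] != MAGIC[i]) {
                return false;
            }
        }
        return true;
    }

    // sqlite_master keeps each CREATE statement as plain SQL text, so a byte
    // search finds the table without parsing the database page format.
    static boolean declaresTable(byte[] data, String table) {
        String text = new String(data, StandardCharsets.ISO_8859_1);
        return text.contains("CREATE TABLE " + table)
            || text.contains("CREATE TABLE \"" + table + "\"");
    }

    // One line per SQLite file found; the location database is marked.
    static List<String> scan(Path backupDir) throws IOException {
        List<String> hits = new ArrayList<String>();
        try (DirectoryStream<Path> files = Files.newDirectoryStream(backupDir)) {
            for (Path f : files) {
                if (!Files.isRegularFile(f)) {
                    continue;
                }
                byte[] data = Files.readAllBytes(f);
                if (!isSqlite(data)) {
                    continue;
                }
                String mark = declaresTable(data, TABLE_NAME)
                    ? "  <-- declares " + TABLE_NAME : "";
                hits.add(f.getFileName() + mark);
            }
        }
        return hits;
    }

    public static void main(String[] args) throws IOException {
        // Usage: java FindSqlite <backup directory>   (defaults to ".")
        Path dir = Paths.get(args.length > 0 ? args[0] : ".");
        for (String hit : scan(dir)) {
            System.out.println(hit);
        }
    }
}
```

Run it inside the hash-named backup directory; the file it marks is the one to hand to the iPhoneMap command.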
-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org
In-house developed applications: The constant headache for the information security officer
Last Updated: 2011-04-22 18:55:49 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
Perimeter security controls are well publicized, many suppliers offer them in every country, and there is a device for every budget; yet custom applications developed within companies still have security problems that are not so easily solved.
In the modern corporate world, immediacy is the predominant feature of business. For those responsible for computer security this is a challenge, because we have to balance the needs of the business, the time available for a solution, and the risk the company can tolerate to its information assets.
This week we were dealing with an incident involving unauthorized access to, and information leakage from, a web application. When we analyzed the IPS logs, we found the following:
This pattern repeated continuously across a number of the web pages that make up the application, and all of the requests were served successfully. I asked the following questions:
- Where is the check on the Referer header? Although this header is trivial to spoof with any intercepting proxy used in vulnerability analysis, checking it is enough to embarrass people who download the page to their computer, edit the HTML source to change the form parameters and actions, and then continue their transactions from the saved copy.
- Where is the session ID that Tomcat issues for this HTTP request? I asked what had happened to the Tomcat configuration that requires a session whenever a different servlet is invoked. The behavior I expected to see was a redirect to the home page asking for username and password. The answer was that this functionality had not been implemented because the business was waiting on the application for an urgent public campaign, and that it would be added once the campaign ended.
- That answer raised another question: is a session timeout implemented? I got the same answer: it was not, for the same reasons outlined above.
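The three controls the questions above ask about can be enforced in a single servlet filter placed in front of every servlet in the application. The following is an added example written for this diary, not code from the affected application: it assumes the login servlet is mapped to /login and stores the authenticated user in the session attribute "user", and it is meant to be mapped in web.xml with <url-pattern>/*</url-pattern> so that it applies to every servlet in the context.

```java
import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example, not the incident application's code. Enforces on every
// request the three controls the diary found missing: an authenticated
// session, an idle timeout on it, and a same-origin Referer on POSTs.
public class AccessControlFilter implements Filter {
    private static final String USER_ATTR = "user";      // assumed attribute set at login
    private static final String LOGIN_PATH = "/login";   // assumed login servlet path
    private static final int IDLE_TIMEOUT_SECONDS = 15 * 60;

    @Override
    public void init(FilterConfig config) throws ServletException { }

    @Override
    public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String path = request.getRequestURI().substring(request.getContextPath().length());

        // The login servlet is the only one reachable without a session.
        if (LOGIN_PATH.equals(path)) {
            chain.doFilter(req, res);
            return;
        }

        // 1. Session check on every servlet. getSession(false) never creates a
        //    session, so a request with no JSESSIONID, or with one Tomcat does
        //    not know, is sent to the login page instead of being served.
        HttpSession session = request.getSession(false);
        if (session == null || session.getAttribute(USER_ATTR) == null) {
            response.sendRedirect(request.getContextPath() + LOGIN_PATH);
            return;
        }

        // 2. Idle timeout. Tomcat expires the session itself once this is set;
        //    setting it here means a forgotten <session-timeout> in web.xml
        //    cannot leave sessions alive indefinitely.
        session.setMaxInactiveInterval(IDLE_TIMEOUT_SECONDS);

        // 3. Referer check on state-changing requests. Easy to forge from an
        //    intercepting proxy, so it only stops the edited-local-copy trick
        //    from the first question; a per-session anti-CSRF token is the
        //    real control.
        if ("POST".equalsIgnoreCase(request.getMethod()) && !refererIsSameOrigin(request)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Referer check failed");
            return;
        }

        chain.doFilter(req, res);
    }

    // True when the Referer names this server: same scheme, host and port,
    // followed by "/" so that "host.example.com.evil.net" does not match.
    static boolean refererIsSameOrigin(HttpServletRequest request) {
        String referer = request.getHeader("Referer");
        if (referer == null) {
            return false;   // a POST with no Referer at all is refused too
        }
        String scheme = request.getScheme();
        int port = request.getServerPort();
        boolean defaultPort = ("http".equals(scheme) && port == 80)
                           || ("https".equals(scheme) && port == 443);
        String origin = scheme + "://" + request.getServerName()
                      + (defaultPort ? "" : ":" + port) + "/";
        return referer.startsWith(origin);
    }
}
```

The same idle timeout can be set once for the whole application in web.xml with <session-config><session-timeout>15</session-timeout></session-config> (in minutes); the setMaxInactiveInterval call above does the same per session, so either one forgotten does not leave sessions open forever.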
We found another repeated pattern of packets, which turned out to be the root cause of the incident:
Someone with interactive access to the server had uploaded a modified servlet, which the attacker then invoked in the HTTP request and used to modify and retrieve information from the application.
The lessons learned from this case are as follows:
- Periodically review the security baseline for the systems that make up your company's IT infrastructure and verify that every device actually has it applied in its own configuration. Where a device cannot implement a baseline measure, document the exception and reduce the risk with a compensating control.
- Do not skip steps of the normal software development process, especially functional testing and security testing. Any error that surfaces in production costs far more than discovering and fixing it before the application is released to users.
- Based on the authentication mechanisms, the risks to your information assets and the security controls already in place at your company, define a security architecture for applications that covers input validation, internal processing controls, message integrity, output validation, data encryption, file security and system audit logs.
- Although you may fall victim to a gang of cyber criminals targeting your information and your finances, the vast majority of incidents come from well-documented vulnerabilities that people are well aware of, and they materialize because of carelessness when implementing IT solutions for the business.
- Security measures should never be an obstacle to achieving business goals, but keep in mind that business goals can be seriously harmed by faults or negligence in the implementation of information security controls.
-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org